From d9252468792d52373b7cab1b66eda5fe279f7cb5 Mon Sep 17 00:00:00 2001 From: Dmitry Valter Date: Fri, 16 Sep 2022 12:33:25 +0000 Subject: vnet: fix ip4 version and IHL check Validate version and IHL regardless of present options. Originally VPP would accept seriously damaged headers in case IHL != 5. Type: fix Signed-off-by: Dmitry Valter Change-Id: Ifd59622efa63dfad7f6e4858dec40ccac3274574 --- src/vnet/ip/ip.api | 6 ++++++ src/vnet/ip/ip4_input.h | 8 +++++--- 2 files changed, 11 insertions(+), 3 deletions(-) (limited to 'src/vnet/ip') diff --git a/src/vnet/ip/ip.api b/src/vnet/ip/ip.api index 23e094b48a0..8a6ecc8da2f 100644 --- a/src/vnet/ip/ip.api +++ b/src/vnet/ip/ip.api @@ -1020,6 +1020,12 @@ counters ip4 { units "packets"; description "ip4 ttl <= 1"; }; + hdr_too_short { + severity error; + type counter64; + units "packets"; + description "ip4 IHL < 5"; + }; /* Errors signalled by ip4-rewrite. */ mtu_exceeded { diff --git a/src/vnet/ip/ip4_input.h b/src/vnet/ip/ip4_input.h index 57aef0bf77a..d2ed13fa35f 100644 --- a/src/vnet/ip/ip4_input.h +++ b/src/vnet/ip/ip4_input.h @@ -60,15 +60,17 @@ check_ver_opt_csum (ip4_header_t * ip, u8 * error, int verify_checksum) { if (PREDICT_FALSE (ip->ip_version_and_header_length != 0x45)) { - if ((ip->ip_version_and_header_length & 0xf) != 5) + if ((ip->ip_version_and_header_length & 0xf0) != 0x40) + *error = IP4_ERROR_VERSION; + else if ((ip->ip_version_and_header_length & 0x0f) < 5) + *error = IP4_ERROR_HDR_TOO_SHORT; + else { *error = IP4_ERROR_OPTIONS; if (verify_checksum && clib_ip_csum ((u8 *) ip, ip4_header_bytes (ip)) != 0) *error = IP4_ERROR_BAD_CHECKSUM; } - else - *error = IP4_ERROR_VERSION; } else if (PREDICT_FALSE (verify_checksum && clib_ip_csum ((u8 *) ip, sizeof (ip4_header_t)) != -- cgit 1.2.3-korg